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DETAILED ACTION 

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1-3, 5-9 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Mittra (US 5,748, 736). 

a. Referring to claim 1: 
L Mittra teaches: 

(1) a sender terminal for transmitting multicast data; a 
receiver terminal for receiving multicast data; an authentication server processor for 
managing the sender terminal and the receiver terminal [i.e., referring to Figure 1, the 
system of Mittra's invention implements a secure multicast group (the "group") 
consisting of senders, receivers, a group security controller (GSC), and some 
number of trusted intermediary (Tl) servers. The GSC and each Tl server are 
responsible for maintaining the security of the group by authenticating and 
authorizing all other members of the multicast as well as managing the group 
keys (Kgrps) that are used to encrypt the messages multicast to the group 
(column 4, lines 8-16). In addition, in each embodiment of the inventive system, 
each GSC, Tl server, sender, and receiver is a device, and all such devices are 
programmed in such a manner that the system can implement a secure multicast. 
For example, each receiver, sender, GSC, and Tl can be a programmed personal 
computer including a network connection (e.g., to the Internet), and each GSC or 
Tl can be a programmed processor including router circuitry (column 6, lines 45- 
52)]; 

(2) a first user processor provided in the sender terminal 
for transmitting a login requirement to the authentication server processor; and a 
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second user processor provided in the receiver terminal for transmitting a login 
requirement to the authentication server processor [i.e., joining a secure multicast 
group requires the joining member first to set up a separate secure channel with 
the GSC of the group (using a unicast communication line). The purpose of the 
secure channel is to facilitate and isolate confidential communication between 
the GSC and this member during the time that the member is part of the group. 
Upon receiving a join request (and approving it), the GSC inserts the member's 
identification and information concerning the secure channel in a private 
database it maintains. In this way the GSC has full knowledge of the group 
membership and can communicate with each member separately and securely 
when required. The member must also store information concerning the secure 
channel for future communication with the GSC. Only the GSC maintains 
information concerning group membership; members do not know about each 
other (except that receivers may need to know the list of authorized senders). 
However, it should be noted that the invention does not protect against traffic 
analysis as a method of gaining information about group membership. The 
secure channel can be set up using any of the authentication protocols that are 
well known in the literature that provide mutual authentication and the exchange 
of a secret (i.e., a key) that can be used to encrypt farther communication 
between the GSC and this member (which is either a user of the sender device or 
a user of the receiver device) (column 7, line 45 through column 8, line 7)]. 
b. Referring to claim 2: 

i. Mittra further teaches: 

(1) wherein the sender terminal encrypts multicast data 
and transmits encrypted multicast data to the receiver terminal when the first user 
processor transmits the login requirement to the authentication server processor and 
when the authentication server processor permits login [i.e., once the GSC and the 
new member have authenticated each other and have agreed on a secret the GSC 
needs to provide the new member with information that will allow it to encrypt 
and/or decrypt the multicast transmission (column 8, line 15-18)]. 
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c. Referring to claim 3: 

i. Mittra further teaches: 

(1) wherein the receiver terminal registered in the 
authentication server processor decrypts encrypted multicast data using an encryption 
key distributed from the authentication server processor and receives decrypted 
multicast data in an application provided in the receiver terminal when the second user 
processor transmits the login requirement to the authentication server processor and 
when the authentication server processor permits login [i.e., once the GSC and the 
new member have authenticated each other and have agreed on a secret the GSC 
needs to provide the new member with information that will allow it to encrypt 
and/or decrypt the multicast transmission (column 8, line 15-18)]. 

d. Referring to claim 5: 

i. Mittra further teaches: 

(1) wherein the authentication server processor executes 
a logout when the second user processor in the receiver terminal does not receive a 
periodically distributed encryption key which is periodically generated by the 
authentication server processor and distributed to the receiver terminal [i.e., the GSC 
decides it no longer wants a particular member within the group, changes the 
Kgrp, and notifies the member of its termination of group membership (column 8, 
line 41-44)]. 

e. Referring to claim 6: 

i. Mittra further teaches: 

(1) wherein the second user processor transmits a logout 
requirement to the authentication server processor and the authentication server 
processor terminates user management when multicast data communication is 
terminated in an application in the receiver terminal [i.e., in the case, the member 
voluntarily wishes to disconnect/logout and needs to notify the GSC of its 
intention so that the GSC may change the Kgrp and then provide a confirmation 
to the leaving member (column 8, lines 38-41)]. 

f. Referring to claim 7: 
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i. 



Mittra further teaches: 



(1) an authentication server processor; a first receiving 



section for receiving a login requirement transmitted from a first user processor provided 
in a sender terminal which transmits multicast data; a second receiving section for 
receiving a login requirement transmitted from a second user processor provided in a 
sender terminal which receives multicast data; and a user registration information 
section for registering user's individual information, wherein the user uses the sender 
terminal, the sender terminal which is permitted login by the authentication server 
processor encrypts multicast data and transmits encrypted multicast data, and the 
receiver terminal, which is registered as a user in the user registration information 
section by the authentication server processor, is permitted login and receives multicast 
data [i.e., this claim has limitations that is similar to those of claim 1, thus it is 
rejected with the same rationale applied against claim 1 above. Thus, joining a 
secure multicast group requires the joining member first to set up a separate 
secure channel with the GSC of the group (using a unicast communication line). 
The purpose of the secure channel is to facilitate and isolate confidential 
communication between the GSC and this member during the time that the 
member is part of the group. Upon receiving a join request (and approving it), the 
GSC inserts the member's identification and information concerning the secure 
channel in a private database it maintains. In this way the GSC has full 
knowledge of the group membership and can communicate with each member 
separately and securely when required. The member must also store information 
concerning the secure channel for future communication with the GSC. All 
communications from the GSC must include a message digest and be digitally 
signed so that receivers may verify that the message has not been corrupted and 
the sender was actually the GSC (column 7, lines 46-59). In addition, if the access 
point is at a level such that the joining member contacts not the GSC but a parent 
Tl server (e.g., in the case that receiver 114f of Figure 1 seeks to join the group 
consisting of all elements of Figure 1 other than receiver 114f, in which case 
receiver 114f would contact Tl server 115c rather than GSC 111), the Tl server 
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performs authentication on behalf of the GSC and changes the Kgrp (for its sub- 
group) using the above-described procedure performed by the GSC (to perform 
authentication and change the Kgrp). However, in order to do this, the Tl server 
in turn must first be registered with its parent Tl server or the GSC. If it is not, the 
Tl server performs a registration with its parent Tl server (or the GSC) prior to 
registering the joining member (column 13, lines 44-56)]. 
g. Referring to claims 8 and 9: 

i. These claims have limitations that is similar to those of claim 
7, thus they are rejected with the same rationale applied against claim 7 above. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1, 4, 7-9 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Wesley et al (US 6,275, 859 B1 ). 

a. Referring to claim 1: 
i. Wesley teaches: 

(1) a sender terminal for transmitting multicast data; a 
receiver terminal for receiving multicast data; an authentication server processor for 
managing the sender terminal and the receiver terminal; a first user processor provided 
in the sender terminal for transmitting a login requirement to the authentication server 
processor; and a second user processor provided in the receiver terminal for 
transmitting a login requirement to the authentication server processor [i.e., referring to 
Figure 1, a number of network nodes 10 are to become part of a multicast data 
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distribution session. Included in the set of nodes 10 are a sender node 10-S and 
one or more receiver nodes 10-R1 through 10-RN. During the multicast session 
to be established, data packets are originated by the sender node 10-S and 
delivered to the various receiver nodes 10-R1 though 10-RN. Before joining a 
multicast session, each node 10 contacts a central authority or CA 12 to obtain 
the necessary credentials. The CA 12 is generally a separate network node that is 
responsible for managing access to the multicast session. The CA 12 may also 
be referred to as a channel manager or group controller. Each node 10 
communicates with the CA 12 via a respective secure unicast channel 14 (shown 
as channels 14-S and 14-1 through 14-RN in Figure 1). Upon being contacted by a 
node 10, the CA 12 authenticates the node 10 via any appropriate means, which 
can include for example using signed certificates, passwords, or a registration 
process in which a prospective group member obtains a group identity after 
submitting payment information such as a credit card number. If the node 10 
approaches the CA 12 with a digitally signed certificate, the CA 12 verifies the 
certificate by using the public key of the authority that signed the node's 
certificate. Thus, the CA 12 is responsible for maintaining or procuring on 
demand the public keys of all certificate-issuing authorities (column 3, line 50 
through column 4, line 8)]. 

b. Referring to claim 4: 

i. Wesley further teaches: 

(1) wherein a receiver terminal, other than the receiver 
terminal registered in the authentication server processor, is rejected an encryption key 
distribution from the authentication server processor when the second user processor 
transmits the login requirement to the authentication server processor and when the 
authentication server processor rejects the login requirement [i.e., each participation 
certificate 16 also includes additional information such as starting and ending 
times for a period of authorized participation by the node 10, and/or an identifier 
of a role the node 10 may play in the multicast session (column 4, lines 21-26). In 
addition, each node 10 is responsible for using the information in the certificates 
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16 received from other nodes 10 to verify that the other nodes 10 are authorized 
to participate in the multicast session. In particular, a node 10 verifies that 
another node 10 advertising its ability to play a particular role, such as the role of 
repair node, is authorized to play such a role. A node 10 performs this 
verification by comparing the advertised ability with information in the certificate. 
Once the repair node and the receiver authenticate and verify each other's 
authorization, every control message exchanged henceforth between the two 
nodes is digitally signed. Digital signatures enable the nodes to accept and 
process only those messages that are produced by legitimate nodes, and to thus 
discard/reject messages from malicious nodes (column 4, lines 52-65)]. 
c. Referring to claims 7,8, and 9: 

i. These claims have limitations that is similar to those of claim 
1, thus they are rejected with the same rationale applied against claim 1 above. 

Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Dillon et al (US 6, 546, 488) discloses a method and apparatus for 
broadcasting newsgroup information to a plurality of users uses a news server, which is 
in communication with the Internet, a newscast transmitter, a satellite gateway, and a 
subscriber station. The news server gathers newsgroup information from Internet 
newsgroups, and the newscast transmitter, in conjunction with the satellite gateway and 
a satellite, distributes all of the information to a plurality of subscriber stations (see 
abstract). 

b. Caronni et al (US 6, 195, 751) discloses a system for secure 
multicast including a plurality of participants that can send and receive multicast 
messages. A traffic distribution component is coupled to the participating entities, 
where the traffic distribution component supports multiple receiver communication. A 
participant key management component operates within each participant entity where 
the participant key management component uses a first key that is shared with all of the 
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other participants, and a second key that is shared with a subgroup of participants (see 
abstract). 



method for distributing, via a communications network, a key in a multicast 
communications system in which each one of a plurality of communications is directed 
to an associated multicast group including a plurality of recipients intended to receive 
the one communication (see abstract). Kleinman further teaches that Manage user 
authentication and user admissions to the multicast communication system 100, 
typically receiving from a user a request to login to the multicast communication system 
100, authenticating the user by validating the user's identity using any appropriate 
validation method and creating a shared secret key with the user for the session, 
Methods of creating a shared secret key for a session are well known in the art, and any 
appropriate method may be used (column 8, lines 20-29). 



communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 703-305-0327. 



the examiner's supervisor, Kim Vu can be reached on 703-305-4393. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
703-872-9306. 



application or proceeding should be directed to the receptionist whose telephone 
number is 703-305-3900. 



Kleinman et al (US 6, 629, 243 B1) discloses A key distribution 



Any inquiry concerning this communication or earlier 



If attempts to reach the examiner by telephone are unsuccessful, 



Any inquiry of a general nature or relating to the status of this 




TBT 



August 6, 2004 



